Sindows 7
join:2006-09-13
Hope, BC
|  UN website targeted by hackers
The UN was today reviewing the security procedures on its website after a group of hackers posted anti-Israeli messages on the personal page of the Secretary-General.
A page usually given over the speeches of Ban Ki Moon was yesterday displaying messages which read: "Hey Ysrail and Usa dont [sic] kill children and other people Peace for ever No war."
The messages, apparently written by a group of hackers who go by the name CyberProtest, were posted in the early hours of Sunday, but had been removed by 9:15am East Coast time, a UN spokesman said.
"We are very concerned that this happened and we are investigating,” the spokesman said. "We will make security changes to prevent this from happening again."
The messages were prefaced by the words "Hacked By Keremy 125 M0sted And Gsy That Is CyberProtest', a reference to a group of hackers - one of whom is Turkish - who have previously been associated with attacks on high-profile websites.
Today a website run by one of the group, M0sted, had links to a number of other CyberProtest attacks, including on the sites of the car-makers Toyota and Nissan, and Harvard University.
'M0sted' said that CyberProtest's objective was to spread the message "that the powerful have no right to oppress the powerless."
The website of another CyberProtest member, 'Eno7', who described him or herself as an 'IT security expert', said that the group has been founded in response to the Israeli military offensive against Lebanon last year.
"The chief architects of this protest are myself, Eno7 from Turkey, and the byond hackers team from Chile. We expanded our efforts as nine other countries joined us afterwards,” it said.
Cyber Protest did not intend to disrupt the operation of its victims' websites, "only to give a message against war," Eno7 said.
Security experts said today that the attack was most likely conducted using SQL injection, where a hacker exploits a vulnerability in a site that allows it to be altered at the same time that pages are being requested.
"It needn't be a part of the site that allows visitors to interact with it - like a comments page," Steve Moyle, founder and chief technology officer of Secerno, a security firm, said. "Even in a 'read only' section, a hacker can issue a command that forces the database to issue information, and they find that vulnerability, an attacker can gain full control of the site."
Among the other sites to have allegedly been hacked by Cyber Protest are those of Nestle, the University of California, and the Norfolk and Norwich University Hospital.
Today the Secretary-General's page had been restored to show extracts of speeches on climate change as well as on the adoption of a hybrid peace-keeping force in Darfur.
»technology.timesonline.co.uk/tol···0127.ece |
